Re: [SCIENTIFIC-LINUX-USERS] Security ERRATA Critical: glibc on SL6.x, SL7.x i386/x86_64

[Pat Riehecky]

Not sure how that happened....

Any way, they are correctly posted now (repodata still rebuilding)

Pat

On 01/28/2015 09:14 AM, Phil Wyett wrote:

On Tue, 2015-01-27 at 21:16 +0000, Pat Riehecky wrote:

Synopsis:          Critical: glibc security update
Advisory ID:       SLSA-2015:0092-1
Issue Date:        2015-01-27
CVE Numbers:       CVE-2015-0235
--

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions could
use this flaw to execute arbitrary code with the permissions of the user
running the application. (CVE-2015-0235)
--

SL6
   x86_64
     glibc-2.12-1.149.el6_6.5.i686.rpm
     glibc-2.12-1.149.el6_6.5.x86_64.rpm
     glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
     glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
     glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
     glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
     glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
     glibc-devel-2.12-1.149.el6_6.5.i686.rpm
     glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
     glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
     glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm
     nscd-2.12-1.149.el6_6.5.x86_64.rpm
     glibc-static-2.12-1.149.el6_6.5.i686.rpm
     glibc-static-2.12-1.149.el6_6.5.x86_64.rpm
   i386
     glibc-2.12-1.149.el6_6.5.i686.rpm
     glibc-common-2.12-1.149.el6_6.5.i686.rpm
     glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
     glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
     glibc-devel-2.12-1.149.el6_6.5.i686.rpm
     glibc-headers-2.12-1.149.el6_6.5.i686.rpm
     glibc-utils-2.12-1.149.el6_6.5.i686.rpm
     nscd-2.12-1.149.el6_6.5.i686.rpm
     glibc-static-2.12-1.149.el6_6.5.i686.rpm
SL7
   x86_64
     glibc-2.17-55.el7_0.5.i686.rpm
     glibc-2.17-55.el7_0.5.x86_64.rpm
     glibc-common-2.17-55.el7_0.5.x86_64.rpm
     glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
     glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
     glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
     glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
     glibc-devel-2.17-55.el7_0.5.i686.rpm
     glibc-devel-2.17-55.el7_0.5.x86_64.rpm
     glibc-headers-2.17-55.el7_0.5.x86_64.rpm
     glibc-utils-2.17-55.el7_0.5.x86_64.rpm
     nscd-2.17-55.el7_0.5.x86_64.rpm
     glibc-static-2.17-55.el7_0.5.i686.rpm
     glibc-static-2.17-55.el7_0.5.x86_64.rpm

- Scientific Linux Development Team

Hi all,

The debuginfo rpm files for this update do not seem to have hit server.

Regards

Phil

--
Pat Riehecky
Scientific Linux developer

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org